[balsa] Mitigate EFail vulnerability for Webkit2



commit 93727ce9d1662c51988c05eb0f11173c5f1ca598
Author: Albrecht Dreß <albrecht dress arcor de>
Date:   Thu May 31 15:21:34 2018 -0400

    Mitigate EFail vulnerability for Webkit2
    
    * libbalsa/html.c (lbh_navigation_policy_decision): ignore all
      decisions except WEBKIT_NAVIGATION_TYPE_LINK_CLICKED;
      (libbalsa_html_new): disable Java and JavaScript.
    
    Balsa's Webkit2 (USE_WEBKIT2 is defined) implementation is vulnerable
    to the EFail [1] attack, as it loads external content *without* user
    interaction for the cases H4, H5, H14, H15 and H17.  The attached patch
    * completely disables Java and JavaScript, as they should always be
      considered harmful in emails;
    * completely disables loading external content without user confirmation.
    
    [1] <https://efail.de/efail-attack-paper.pdf>
    
    Signed-off-by: Peter Bloomfield <PeterBloomfield bellsouth net>

 ChangeLog       |  8 ++++++++
 libbalsa/html.c | 11 ++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 09ef437e4..c967b7dc1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-05-31  Albrecht Dreß <albrecht dress arcor de>
+
+       Mitigate EFail vulnerability for Webkit2
+
+       * libbalsa/html.c (lbh_navigation_policy_decision): ignore all
+       decisions except WEBKIT_NAVIGATION_TYPE_LINK_CLICKED;
+       (libbalsa_html_new): disable Java and JavaScript.
+
 2018-05-31  Peter Bloomfield  <pbloomfield bellsouth net>
 
        * src/balsa-index.c (bndx_compose_foreach): Count skipped
diff --git a/libbalsa/html.c b/libbalsa/html.c
index 0c2cbaec6..19a30c0ec 100644
--- a/libbalsa/html.c
+++ b/libbalsa/html.c
@@ -280,17 +280,11 @@ lbh_navigation_policy_decision(WebKitPolicyDecision * decision,
     uri = webkit_uri_request_get_uri(request);
 
     switch (navigation_type) {
-    case WEBKIT_NAVIGATION_TYPE_OTHER:
-    case WEBKIT_NAVIGATION_TYPE_RELOAD:
-        d(g_print("%s uri %s, type %d, used\n", __func__, uri,
-                  navigation_type));
-        webkit_policy_decision_use(decision);
-        break;
     case WEBKIT_NAVIGATION_TYPE_LINK_CLICKED:
         d(g_print("%s clicked %s\n", __func__, uri));
         (*info->clicked_cb) (uri);
     default:
-        d(g_print("%s type %d, ignored\n", __func__, navigation_type));
+        d(g_print("%s uri %s, type %d, ignored\n", __func__, uri, navigation_type));
         webkit_policy_decision_ignore(decision);
     }
 }
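Review bot: The `WEBKIT_NAVIGATION_TYPE_LINK_CLICKED` case reaches `webkit_policy_decision_ignore()` only by falling through into `default`, and nothing marks that as intentional. Since the mitigation depends on every navigation ending in ignore, I would add `/* fall through: the click is handed to clicked_cb, never loaded in the view */` after the `(*info->clicked_cb) (uri);` line so that a later `break` is not added by mistake; as far as I know WebKitGTK treats a decision left unanswered as use. The `uri` handed to `clicked_cb` comes from message content, so whether its scheme is checked depends on the callback, which is outside this hunk. The function itself starts above the hunk.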
@@ -628,6 +622,9 @@ libbalsa_html_new(LibBalsaMessageBody * body,
 
     settings = webkit_web_view_get_settings(web_view);
     webkit_settings_set_enable_plugins(settings, FALSE);
+    webkit_settings_set_enable_javascript(settings, FALSE);
+       webkit_settings_set_enable_java(settings, FALSE);
+       webkit_settings_set_enable_hyperlink_auditing(settings, TRUE);
     webkit_settings_set_auto_load_images
         (settings,
          g_regex_match_simple(cid_regex, text, G_REGEX_CASELESS, 0));
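Review bot: `webkit_settings_set_enable_hyperlink_auditing(settings, TRUE)` turns the `<a ping>` feature on rather than off, which looks opposite to the intent of this commit and is not mentioned in its description. Hyperlink auditing lets a clicked link send a background request to a sender-chosen URL; unless that is wanted here, use `webkit_settings_set_enable_hyperlink_auditing(settings, FALSE);` or add a comment saying why it is enabled. The two lines after `webkit_settings_set_enable_javascript` are also indented differently from the surrounding four-space code. Separately, the unchanged `webkit_settings_set_auto_load_images` context still enables image loading whenever the text matches `cid_regex`; whether remote images are filtered elsewhere is not visible in this hunk, and `libbalsa_html_new` continues beyond it.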

